
Quoting Trent W. Buck (trentbuck@gmail.com):
> As to cookies, I take a scorched earth approach of deleting anything that looks remotely like browser-created state every fifteen minutes.
> http://cyber.com.au/~twb/.bin/twb-privacy
Sure. And you'll probably want to give the same treatment to the far-worse Flash cookies (if you have the Adobe/Macromedia proprietary Flash plugin at all). Standard HTTP cookies have tiny capacity, while Flash cookies have immense capacity.[1]

Part of the point of Samy Kamkar's Evercookie proof-of-concept invention, which you cite, is that the real keystone threat piece in this picture is actually JavaScript. If not carefully controlled by something like NoScript, and ideally not just NoScript but NoScript with some of its non-default controls enabled and custom-tweaked, data-miners and other pests can and do use JavaScript to orchestrate the contents of any of the many kinds of browser-local storage in your browser, for their purposes and not yours.

If you look on the front page of the www.svlug.org Web site (or on linuxmafia.com/presentations), you'll find slides and lecture notes for talks I've given on this and related matters, that might possibly be of interest.
> I also miss polipo's censorReferers = maybe option, which would only include the Referer if the TLD was the same.
Somehow, I'd missed hearing about Polipo until now. Thanks!

[1] It's as if Adobe/Macromedia had stage-whispered to a bunch of pushy companies, saying 'Hey, gang! Want to spy on the public's Internet use and track them everywhere they go? Just get them to run Flash animations and we'll give you everything you need.'